from the 'terrorist'-gambit-fails;-adds-+20-to-Cammy-Dee's-street-cred dept

Cameron D'Ambrosio, the teen charged with "communicating terrorist threats" via some daft rap lyrics posted to his Facebook profile, is apparently no longer a threat to the people of Methuen, MA, and parts beyond. Facing a possible 20-year-sentence for his inclusion of such explosive terms as "White House," "murder charge" and "Boston bombinb" in his one-man online rap battle, D'Ambrosio has been held without bail since May 2nd. As of Thursday night, however, D'Ambrosio is free to killterrorize rhyme again. And, as an added bonus, he now has something in common with many of the rappers he clearly aspires to be: time served.

An Essex County grand jury declined Thursday to bring an indictment against Cameron D’Ambrosio, 18, so prosecutors will formally file a motion to drop the charge of making a bomb or hijack threat, said Carrie Kimball Monahan, a spokeswoman for the district attorney.

The D.A.'s office has declined to comment on the grand jury's decision, and D'Ambrosio and his lawyer are probably saving some choice words for a press conference. But that hasn't stopped the man behind this overreaction and the ensuing farcical approximation of criminal "justice." Here's what Police Chief Joe Solomon had to say in his press release (delivered via Facebook).

"I have just been advised of the Grand Jury decision from earlier today, where the grand jury did not issue an indictment on the high school threats case. Although we disagree with the Grand Jury's decision we respect it. Several judiciary levels have confirmed the probable cause in this case as it has worked it's way through the criminal justice system. We will continue to take all threats against our community seriously and will always utilize due diligence in our investigation."

Thank you Chief Solomon

A few things to note:

1. Suddenly it's only a "high school threats case," rather than the much more dangerous-sounding "communicating terroristic threats."

2. Shouldn't the "probable cause" have been determined before D'Ambrosio was even arrested?

Matthew Segal, the legal director at the ACLU of Massachusetts – who has worked on similar first amendment cases, though not this one – says it does not appear that D'Ambrosio's Facebook post rose to the level of a "true threat" warranting an investigation, which the grand jury has found as well. Segal notes that D'Ambrosio's words didn't target anybody or anything specifically, which the Methuen police have also acknowledged.

D'Ambrosio still has one more date hanging over his head -- June 27th -- during which prosecutors may decide to bring other charges. This seems unlikely considering the District Attorney's office has already announced it will not be pursuing this case further. Just in case, supporters of D'Ambrosio, led by the Center for Rights (whose Free Cameron petition gathered over 90,000 votes), will be on hand to show their support for Cameron -- and the First Amendment.

from the wimps dept

It's become something of a sport in the past decade for roughly half of America to mock, dismiss, and otherwise tear down the Fox News channel. Personally, I'd rather like to see all of cable news go away, but there are times when I think the criticism is a tad selective and unfair. For instance, it'd be very easy to lambaste the network for the man-clowns they trotted out in the wake of a Pew Research study that showed that mothers currently make up nearly half of American household's primary wage-earners. What was for me a meh-inducing announcement was a sign of the surely-coming apocalypse for Lou Dobbs, Erick Erickson and Juan Williams. They're easily targeted as examples of the bad on the station, but if you're blinded by ideology or party alliance, you probably didn't bother to shine a light on the absolutely glorious rebuttal by Fox News host Megyn Kelly.

What we have there is an example of Fox News presenting two sides of the debate and among their own hosts to boot. In case you can't see it, Kelly uses clips from Lou Dobbs' show within her own to demonstrate her point. I mention this only to demonstrate that Fox News was not sufficiently embarrassed by the dumb things said by some of their commentators to keep from re-airing them on another of their shows. When an advocacy group wants to use those same clips for an ad-spot, however, suddenly the scramble to copyright claims has occurred. An anti-sexism group named UltraViolet submitted the ad to air on Fox's channel, painting the commentators in a negative light and then asking them to be retired from Fox News. You might expect the channel to dismiss the ad simply on the grounds that they don't want to denigrate their own programming, but that wouldn't help in trying to keep the spot off of other networks, would it? So Fox instead relied on the go-to protocol for censoring negative information. Per UltraViolet's media buyer, Buying Time, LLC:

Team – Just heard back from Fox Business. Unfortunately, Fox has rejected the ad. Due to their copyright rules, they can’t air an ad that uses their material in a spot.

It's a dumbfounding refusal on its face and is almost certainly being used as an excuse rather than a legitimate claim. Certainly nothing in copyright law would keep a network from airing commercials that use its own footage, valid copyright claim or not. It's their footage. Beyond that, this seems like a clear-cut case of fair use, the clips being central to a critique which does not seek commercial gain, are not significantly long in use, and in a way that certainly doesn't compete against Fox's own programming. Watch the ad for yourself:

Whether you think that women being primary bread-winners is okay, or whether you think that it's just the first step in the lizard-people's plot to systematically ruin American families so that children will be easy pickings for their hungry salamander love-children, using copyright claims to put down criticism is an abuse. Thankfully, UltraViolet is savvy enough to still put their spot up on YouTube instead of being too scared to show it.

from the just-the-beginning dept

News that the NSA has unfettered access to most of the leading Internet services inevitably has an international dimension. After all, Microsoft, Yahoo!, Google and the rest of the Naughty Nine all operate around the world, so spying on their users means spying on people everywhere. Indeed, as Mike explained earlier today, the NSA is actually trying to quell criticism by selling this news as something that purely concerns non-Americans (although that's clearly rubbish.)

It was only later that it realized this was a ridiculous position, and issued the following statement:

We have seen the media reports and we are of course concerned for possible consequences on EU citizens' privacy. For the moment it is too early to draw any conclusion or to comment further. We will get in contact with our U.S. counterparts to seek more details on these issues.

That dismissive initial comment followed by the rather feeble backtracking suggests that the European politicians have not yet realized how big a problem this is going to be for them, as well as for the US authorities. For example, The Guardian has confirmed today that the UK has been tapping into Prism for a while:

The UK's electronic eavesdropping and security agency, GCHQ, has been secretly gathering intelligence from the world's biggest internet companies through a covertly run operation set up by America's top spy agency, documents obtained by the Guardian reveal.

Specifically:

It says the British agency generated 197 intelligence reports from Prism in the year to May 2012 -- marking a 137% increase in the number of reports generated from the year before. Intelligence reports from GCHQ are normally passed to MI5 and MI6.

Already, one Labour MP, Tom Watson, has said that he will table questions in the House of Commons next week, and it seems likely that others will be demanding to know how much the UK government knew of this pervasive spying activity, what information it received -- and what it gave in return.

Given the large number of German users of Google, Facebook, Apple or Microsoft services, I expect the German government... is committed to clarification and limitation of surveillance.

He then went on to make an important connection:

In addition, the reports illustrate the importance of strengthening the European data protection law. The dilatory attitude of the EU Interior and Justice Ministers towards the Privacy Policy reform package is a completely wrong signal.

As Techdirt has reported, new data protection rules currently being discussed by the European Union have come under fierce attack by US companies, who want them watered down. For the most part, they were succeeding, but it's possible that the revelations that the very same companies who have lobbied so hard to neuter EU regulations have allowed the NSA to access customer data may start to tip the balance the other way.

The European Commission's Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union countries that do not meet the European Union (EU) "adequacy" standard for privacy protection. While the United States and the EU share the goal of enhancing privacy protection for their citizens, the United States takes a different approach to privacy from that taken by the EU.

In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a "Safe Harbor" framework and this website to provide the information an organization would need to evaluate -- and then join -- the U.S.-EU Safe Harbor program.

Without Safe Harbor status, no US company would be allowed to transfer personal data about Europeans out of the EU. It's unlikely that the European Commission would contemplate such a drastic move, but it's an indication of how high feelings are starting to run -- and this is only a few hours after the NSA story broke.

Mind you, however bad the situation is in Europe, President Obama can take comfort from the fact that it could be worse:

Peng Liyuan, the wife of Chinese leader Xi Jinping, appears to have an iPhone. And now, according to reports, US intelligence agencies may be spying on iPhone users through a secret data harvesting program. Does that mean there’s a possibility that the US is spying on the private messages of China’s first lady?

from the urls-we-dig-up dept

Today is National Doughnut Day, and to celebrate, many shops -- like Dunkin' Donuts, Krispy Kreme, and Tim Hortons -- are giving away free doughnuts. A "national doughnut day" just sounds like another holiday made up for businesses to make more money, but it was actually established in 1938 by the Salvation Army to raise money during the Great Depression and to honor the female volunteers who served meals (and doughnuts) to soldiers on the front lines during World War I. Here's some more doughnut-related news.

from the ethics? dept

I say “allegedly” not to suggest there’s any question over whether the partner owned the trolling company, but because the partner claims he had no involvement in the decision to sue his firm’s most prominent tech client. Even if he didn’t, it hardly sounds kosher.

Whatever his precise role, he might have gotten away with it, too, if it weren’t for that meddling privilege log…

Court documents unsealed this week reveal who’s behind FlatWorld, and it’s anything but typical. FlatWorld is partly owned by the named inventor on the patents, a Philadelphia design professor named Slavko Milekic. But 35 percent of the company has been quietly controlled by an attorney at one of Apple’s own go-to law firms, Morgan, Lewis & Bockius. E-mail logs show that the attorney, John McAleese, worked together with his wife and began planning a wide-ranging patent attack against Apple’s touch-screen products in January 2007 — just days after the iPhone was revealed to the world.

John McAleese is no longer on the Morgan Lewis website. Thankfully, we can go to the Internet WABAC Machine.

FlatWorld’s claims are based around the work of Slavko Milekic. Milekic holds a 2005 patent (6,920,619 B1 for anyone playing along at home) for an original way of interacting with a touch-sensitive visual display, which sounds like it might implicate the iPhone’s — and other Apple products’ — user interface. And he had help deciding to sue from his other business partner, McAleese’s wife:

Jennifer McAleese reached out to numerous “troll patent” companies, as she called them, convinced that she and Milekic had an “excellent position against Apple” if and when they chose to sue. She e-mailed top patent lawyers at Google and Nokia, competitors known to be in patent clashes with Apple.

The whole time she was advised by her husband, a lawyer who had access to reams of confidential Apple data—but who says he never touched it. (Apple doesn’t see it that way.) Together, the McAleeses created “an indirect and covert pipeline” of information pumped to FlatWorld’s attorneys according to Apple lawyers. Now Apple wants FlatWorld’s law firm, Seattle-based Hagens Berman Sobol Shapiro, kicked off the case.

But this highlights the dumbest aspect of this covert investment: the decision for John McAleese to hold a 35 percent stake in the company under his own name. If the practice of the company involved Jennifer McAleese doing the legwork to create a degree of separation between Morgan Lewis and the lawsuit, then why not put the entire company investment in her name? For that matter, why not use a maiden name? Perhaps I’m introducing too much logic into this scheme.

But the most important take away from this episode — the practice pointer, if you will — is that you should carefully review the privilege logs you get sent:

But Apple apparently didn’t know about John McAleese until February. That’s when opposing lawyers sent Apple a “privilege log,” a kind of spreadsheet explaining why certain documents are not going to be handed over during the discovery phase of litigation. FlatWorld listed all the e-mails between the company’s founder and the various lawyers he communicated with about possibly filing suit together. There have been many and one of the lawyers listed was McAleese. In fact, that name showed up more than any other lawyer. Even more eye-opening was his identification in a “key” to the privilege log: “Attorney at Morgan Lewis & Bockius LLP.”

This got the attention of an Apple in-house lawyer, Jeff Risher, who rang the first alarm bell in Cupertino. On February 25, Risher fired off an e-mail to a Morgan Lewis partner named Scott Garner. That e-mail is redacted in the public court record, but Risher couldn’t have been happy. Garner forwarded the whole thing to his McAleese at 12:48am, asking “Do you know what this is about?”

McAleese did know what it was about and suggested it was no big deal.

Apple thought it was a big deal.

And this seems to be a dangerously growing trend.

Underneath the FlatWorld fiasco is an important question: just how many lawyers at huge law firms—which compete to defend Silicon Valley icons like Apple from patent litigation—have “gone rogue” and become implicated in patent trolling themselves, either as investors like McAleese or as inventors?

In 2007, a top-billing Fish & Richardson partner named Scott Harris was fired when a patent he invented was used to sue Google. That affair exploded into litigation between Harris and his former firm.

Other big-firm lawyers who created so-called “patent troll” companies haven’t been punished; they’ve prospered. Irah Donner was a partner at WilmerHale when he was asked to shut down his patent licensing campaign, which previously earned him hundreds of thousands of dollars in settlement payouts from car companies like Honda, Toyota, and Ford. But his patents continue to be held by companies connected to some of the most controversial trolling in the country, including the infamous MPHJ “scanner trolls.” Meanwhile, Donner has moved from one prestigious large law firm to the next.

Michael Powell was a young associate at Quinn Emanuel Urquhart & Hedges in 2008. That year, he took a patent on an “online idea marketplace” from his defunct dot-com and used it to sue Microsoft, Gannett, McClatchy, Monster.com, and CareerBuilder.com. His firm, a go-to patent defense firm for Google and Samsung, didn’t fire him. Instead, he made partner.

I’m volunteering to run the very short CLE course: “Don’t try to troll your own clients.”

First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers. Indeed, the U.S. government does not have direct access or a “back door” to the information stored in our data centers. We had not heard of a program called PRISM until yesterday.

Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process. Press reports that suggest that Google is providing open-ended access to our users’ data are false, period. Until this week’s reports, we had never heard of the broad type of order that Verizon received—an order that appears to have required them to hand over millions of users’ call records. We were very surprised to learn that such broad orders exist. Any suggestion that Google is disclosing information about our users’ Internet activity on such a scale is completely false.

Facebook is not and has never been part of any program to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received. And if we did, we would fight it aggressively. We hadn't even heard of PRISM before yesterday.

When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if is required by law. We will continue fighting aggressively to keep your information safe and secure.

Some have pointed out that these claims can still be read carefully to mean that other forms of data access potentially did happen, though some of the direct claims are pretty strong. It's also noteworthy that Page and Zuckerberg seem to mimic each other's word usage. Furthermore, it does seem odd that the President more or less confirmed the existence of the program, which all these tech companies are denying. Does that mean that something else is going on? Is the NSA doing this without letting the companies know? It's certainly unclear at this point, but it's going to come out eventually.

from the but-of-course dept

Another day, another leak -- and once again, it's not much of a surprise, but rather a confirmation of what's long been suspected. This time, it's that President Obama has ordered the US to draw up a list of "targets" for proactive cyberattacks, as revealed (yet again) by Glenn Greenwald at the Guardian. This is a point we'd raised months ago. For all the talk of "cybersecurity" fears, it's the US that's been the biggest proponent of proactive cyberattacks.

The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".

It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power".

The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.

Again, this shouldn't be a surprise if you're paying attention. Back in February, we noted that the White House had done an internal "legal review" and decided for itself that it had broad powers when it came to cyberattacks.

I'm guessing we're still going to be seeing a lot more big leaks in the near future....

from the check-for-john-doe dept

We were a bit surprised that Prenda Law's Paul Duffy actually filed a bond to cover the amount that Judge Otis Wright ordered Team Prenda to pay in legal fees for their shenanigans. To date, Team Prenda seems to go out of its way to play games and to avoid doing what the court is actually asking, so it seemed like a bit of a departure to see them actually file a bond (if a few days late, and with some protest). But, apparently, we should never underestimate Prenda's game-playing.

The lawyer opposing them, Morgan Pietz, has responded to the bond asking the court not to accept it until a variety of changes are made, and which highlights the type of petty activity that Prenda is well known for engaging in. The most brazen, perhaps, is the fact that Duffy made the bond be in the name of "John Doe" for the unidentified client, but Pietz points out that, given that's not the Doe's real name, it's possible that they may get a check that can't be cashed. That's the kind of thing that has Prenda's name written all over it -- doing something that pretends to be helpful, when inside they're laughing about the "trick" they pulled on people.

That's not all. Duffy, in his filing, had said that Pietz had not been cooperative in having a "meet and confer" to agree on what the bond amount should be. But Pietz tells a very different story, and provides the email evidence.

The first undersigned counsel heard about a bond, or payment, from any
Prenda party (with the exception of Mr. Gibbs; his motions will be addressed by
separate response) was on Monday May 20, 2013, when Paul Duffy sent a short
email on the subject, offering to post a bond in the amount of 125% of the amount
awarded in the Sanctions Order. Undersigned counsel dutifully responded later that
day (to all parties), outlining a number of concerns about the amount and conditions
that should attach to a supersedeas bond, reiterating concerns raised in the appellate
response papers regarding no stay of the non-monetary aspects of this Court’s order,
and requesting that Prenda respond with their views on the substantive topics raised.
Exhibit 1.

On May 21, 2013, this Court issued an Order Denying Ex parte Application
for Stay of Enforcement ; Order to Show Cause Re Attorney’s-Fee Award. ECF No.
164. The next day, after close of business on May 22, 2013, still not having heard
anything regarding payment or a bond, undersigned counsel again emailed all
Prenda parties in another attempt to meet and confer regarding appeal bond details.
Exhibit 1. In response to the May 22 query attempting to spur further discussion on
the several points raised by undersigned counsel previously on the bond issue, Mr.
Duffy wrote back “You had no substantive points. If you think of some and can
articulate them coherently I would be glad to consider them. Thanks for thinking of
me.” Id. Shortly after receiving Mr. Duffy’s foregoing email, undersigned counsel
pointed out to everyone that such a response was not very helpful, and invited the
rest of the Prenda parties to respond in substantive fashion. Nobody did. Mr. Duffy,
however, did write the whole group one more time, in nonsensical and vaguely
threatening fashion, to indicate that has apparently made a conscious decision
to send undersigned counsel’s email messages to the SPAM folder. Exhibit 1

In case you can't look at the exhibit, the email that Duffy wrote back to Pietz -- which was clearly not an automated response -- was the following:

Thanks for your message Sir/Madam! Unfortunately, due to your inappropriate language and messages,
which are within the access of my young children, I must place you in my "spam" filter. Unfortunately, I delete
such messages daily without reading them. I wish you a speedy recovery, and make it a GREAT day!

Among the other problems with the bond, is that only Duffy has signed onto it, and as Pietz points out, since there are many different parties, each appealing separately, it's not at all clear as to what happens if some are exonerated, while others are found guilty. And, of course, Pietz argues that the amount is way too low, because it should take into account the likely cost of the appeal as well. Oh, and Pietz also wants it to be clear that Team Prenda can't get out of paying the bond by declaring bankruptcy.

Basically, it looks like Team Prenda simply can't resist playing its games -- once again, seeming to think that it's so much smarter than everyone else, that it can run verbal rings around those exposing their efforts.

Update: And... Judge Wright has just basically agreed with Pietz, conditionally granting the bond, but only if Duffy makes a bunch of changes to deal with the claims that Pietz brought up, and also says they need to add another bond for $135,933.66, to get the total up to $237,583.66 which is the amount Pietz argued was proper given the circumstances.

from the what-a-world dept

There's been plenty of talk about how social media -- and specifically tools like Twitter and Facebook -- have been useful in organizing various protests around the world, but it's interesting to see how other popular tools are being used as well. For example, with the huge protests in Turkey, some of the protesters are using IndieGogo to finance a full-page ad in the NY Times to tell their story to the world. And it worked. Within a day, they'd raised the amount and it's continued to rise since then (and there are still weeks left). The NY Times has already accepted the ad as well. This strikes me as fascinating on a number of levels, because crowdfunding is just a different kind of platform -- and while most people just focus on its uses for buying products -- one of the key features is how it actually builds a community around the project in question. And, as such, you can see how it can also be such a powerful tool for building further community and support around a political campaign of sorts.

from the that's-not-welcoming-it dept

President Obama's incredibly weak response to the revelations this week of widespread data collection of pretty much everything by the NSA is to say that he "welcomes" the debate. But, of course, he hasn't actually welcomed the debate at all, because people have tried to bring that debate to him for years, and he's brushed them off:

When it comes to surveillance, Obama has as president shown no sign of really wanting to have a robust debate. For years, Sens. Ron Wyden (D-Ore.), Mark Udall (D-Colo.) and former Sen. Russ Feingold (D-Wis.) have been pleading with the administration to disclose more information about call-tracking tactics that they suggested would shock many Americans.

The administration largely rebuffed those calls. Only after the leak Wednesday of a four-page “top secret” court order indicating that millions of Americans’ phone calls were tracked on a daily basis did officials begin to confirm the program’s details.

But Obama could have chosen at any time to disclose the data-sifting program, or even its rough outlines. That fact leaves critics unimpressed with his latest round of let’s-talk-it-over.

In other words, he's not "welcoming" the debate at all. The debate is happening with or without him, and when he had the chance to "welcome" the debate, he didn't. Now, it appears, he's trying to appear willing "to talk" about something that's now gone way beyond the stage where "welcoming the debate" is sufficient.

If anything, his helps explain why over-aggressive secrecy is such a stupid government policy. If they had been open about this and there had been public discussions earlier, and people were free to express their concerns, and the government could explain its position, then the discussion would have been different, and more interesting. But having all this information denied by government officials for years, only to come out via a leak just looks so much worse.

Update: So around the time this post went up, President Obama actually spoke directly about all of this. He focused on a non-issue, however: about how they're not listening to everyone's phone calls. Except that was clear from the beginning. It was always said that it was just the data -- but it's a hell of a lot of data: who you called, when you called, how long you spoke to them. That's data that most people feel should be private. After that, he said this:

Now, with respect to the Internet and emails, this does not apply to U.S. citizens, and it does not apply to people living in the United States. And again, in this instance, not only is Congress fully apprised of it, but what is also true is that the FISA Court has to authorize it.

But that's not entirely accurate, since it seems pretty clear that there was access to data that included US citizens, so long as the claim was that the investigation (not necessarily any of the parties) targeted non-US persons.

He repeatedly points out that Congress and the FISA Court have repeatedly known and authorized all of this -- which could be read as throwing Congress a bit under the bus (not that they don't deserve it):

So in summary, what you’ve got is two programs that were originally authorized by Congress, have been repeatedly authorized by Congress. Bipartisan majorities have approved them. Congress is continually briefed on how these are conducted. There are a whole range of safeguards involved. And federal judges are overseeing the entire program throughout. And we’re also setting up — we’ve also set up an audit process when I came into office to make sure that we’re, after the fact, making absolutely certain that all the safeguards are being properly observed.

But that doesn't help. It just raises more questions about who Congress really represents, and whether or not "the public" is included.

The President does suggest that he might be open to reconsidering some of this, but also explains why he failed to live up to his promise to stop warrantless wiretapping:

But I think it’s important for everybody to understand, and I think the American people understand, that there are some trade-offs involved. You know, I came in with a healthy skepticism about these programs. My team evaluated them. We scrubbed them thoroughly. We actually expanded some of the oversight, increased some of the safeguards. But my assessment and my team’s assessment was that they help us prevent terrorist attacks. And the modest encroachments on privacy that are involved in getting phone numbers or duration without a name attached and not looking at content — that on, you know, net, it was worth us doing.

That’s — some other folks may have a different assessment of that. But I think it’s important to recognize that you can’t have a hundred percent security and also then have a hundred percent privacy and zero inconvenience. You know, we’re going to have to make some choices as a society.

He was also asked how he felt about it being leaked, and said he wasn't happy about it, given that it was secret for a reason -- but then uses the opportunity to throw Congress under the bus again:

That’s why these things are classified.

But that’s also why we’ve set up congressional oversight. These are the folks you all vote for as your representative in Congress, and they’re being fully briefed on these programs.

And if in fact there was — there were abuses taking place, presumably, those members of Congress could raise those issues very aggressively. They’re empowered to do so.

from the spy-back-time dept

Well, this is getting interesting. Anonymous has now leaked some NSA documents about PRISM and related programs. You can see the documents over here and a slightly hyperbolic, but not unexpected, statement about the leak. The documents don't appear to have anything that surprising or revealing beyond what people expected -- and many appear to be fairly old. However, just the fact that such documents are being leaked is interesting, as it's almost certain that more will be coming (and perhaps quite soon) about all of this government surveillance. And it's no longer a case where people are just sitting around and accepting what the government is doing.

from the let's-go-back dept

One of the points we've made throughout this discussion on the revelations around widespread NSA surveillance is that if you had been paying attention, none of this should have come as a surprise. It's just the confirmation of the exact issues that people raised. In 2007, when Congress passed the "Protect America Act," some people quickly pointed out that it massively expanded warrantless surveillance with little oversight:

But the hastily-enacted legislation, dubbed the Protect America Act, does more than permit the interception of foreign-to-foreign communications. It permits warrantless surveillance "directed at a person reasonably believed to be located outside of the United States." There is no language specifically restricting surveillance activities to communications originating outside of the United States.

In passing the FISA Amendments Act, Congress gave the executive branch the power to order Google, AT&T and Yahoo to forward to the government all e-mails, phone calls and text messages where one party to the conversation is thought to be overseas. President Bush signed the bill into law Thursday morning, describing it as a bill that "protect[s] the liberties of our citizens while maintaining the vital flow of intelligence."

Of course, last year, the FAA was up for renewal and we spent a lot of time discussing how folks in the House and the Senate (1) pretended that it only applied to foreign calls (when it clearly did not) and then (2) ignored Senators Wyden and Udall, who repeatedly made it clear that the law was being abused in this way, and asked others in Congress to demand a full and public accountability.

And, of course, the nefariousness here is not a partisan issue. Both of the laws above were signed by President Bush, and while President Obama campaigned on the fact that he would end such practices, we can safely say that that never happened.

So, while it's good that people are now realizing just how widespread the spying is, perhaps next time, when the same group of folks raise the alarm at these bills, they shouldn't be ignored or brushed off to the side as "oh you guys again..."

from the worth-watching dept

We've already talked about James Clapper, the Director of National Intelligence choosing weasel words to pretend they're saying that they weren't spying on Americans when they really were, and now some are arguing that the tech companies are doing the same exact thing. All of the tech companies listed have been denying their involvement, but again, the words are being chosen carefully, and there's a reasonable argument that they're denying certain specific claims while really side-stepping the bigger issue.

Comparing denials from tech companies, a clear pattern emerges: Apple denied ever hearing of the program and notes they “do not provide any government agency with direct access to our servers and any agency requesting customer data must get a court order;” Facebook claimed they “do not provide any government organisation with direct access to Facebook servers;” Google said it “does not have a ‘back door’ for the government to access private user data”; And Yahoo said they “do not provide the government with direct access to our servers, systems, or network.” Most also note that they only release user information as the law compels them to.

But the PRISM program’s reported access to data and the now repeatedly confirmed widespread access to phone records and other types of digital data appears to be almost exactly what the 2008 Protect America Act (PAA) allows Foreign Intelligence Surveillance Act (FISA) courts to compel tech companies to do — as many warned around the time of its passage. If tech companies are not providing direct access to their servers but are cooperating with the PRISM program, that leaves at least one other option: Companies are providing intelligence agencies with copies of their data.

Note the fine distinction. Giving the NSA a clone of their data wouldn't be giving them "access to our servers." It would be giving copies to the NSA... and then the NSA could "access" its own servers. And you were wondering why the NSA needed so much space in Utah. If they're basically running a replica of every major big tech company datacenter, it suddenly makes a bit more sense. Of course, at this point there's no evidence that this is necessarily the case -- and some are insisting that the denials are legit, and that the Washington Post's story is not entirely accurate. But... the wording here is extra careful, and the government's report really does seem to indicate that these companies are deeply involved.

By the way, if you'd like to dig in on annotating the various tech companies' denials, someone put them all up at RapGenius, the site for annotating text (not just rap songs).

You may have seen stories in the news about a top secret order Verizon allegedly received to produce certain calling information to the U.S. government.

We have no comment on the accuracy of The Guardian newspaper story or the documents reference, but a few items in these stores are important. The alleged court order that The Guardian published on its website contains language that:

compels Verizon to respond;

forbids Verizon from revealing the order's existence; and

excludes from production the "content of any communication . . . or the name, address, or financial information of a subscriber or customer."

Verizon continually takes steps to safeguard its customers' privacy. Nevertheless, the law authorizes the federal courts to order a company to provide information in certain circumstances, and if Verizon were to receive such an order, we would be required to comply.

Let's parse that a bit. First, to "not comment" on it is ridiculous. This is the same issue I had with the government pretending that leaked Wikileaks documents had never leaked. It's not reality-based. In the business world, if you sign a non-disclosure agreement, it only applies to information that remains private. If the same information becomes public through other means, it's recognized that the non-disclosure agreement no longer applies. Because that's living in reality. Pretending you can't comment on the document is not reality-based.

Second, the claim that "Verizon continually takes steps to safeguard its customers' privacy" is completely meaningless when they're handing every bit of that data over to the government. Third, the idea that this order "excludes" information like someone's name is pretty silly. Don't you think that the federal government might have a giant database, in the form of a basic phone book that lets them look up the name associated with each number?

But, most importantly, this whole claim that Verizon is compelled to obey is silly and ignores some of the history. When the government asks you to break the law, you have the right to say no. And here's the big thing: even if this is legal today, that only came about because various telcos worked with the government on broad lawbreaking in the past, only to have the government paper that over with new laws that made such things "legal" and included retroactive immunity. And, really, that's all that Verizon really cares about (and you'll note they don't mention it): that they have no liability for coughing up everyone's information.

from the nice-try,-clapper dept

So we already wrote a bit about how Director of National Intelligence James Clapper was using weasel words or outright lying, in trying to insist that the NSA wasn't actually gathering up data on pretty much every American. However, his statements go even further into the ridiculous. In his initial statement, even the title is combative:

Notice the focus is not on the unauthorized disclosure of widespread NSA surveillance, but rather "disclosure of classified information." So he's already priming the pump for the "real" villain: the press who are reporting on this.

The unauthorized disclosure of a top secret U.S. court document threatens potentially long-lasting and irreversible harm to our ability to identify and respond to the many threats facing our nation.

We've heard that before, and it's ridiculous on multiple levels. First, most would-be terrorists are likely to assume that the government is monitoring all of this stuff anyway, because there have been plenty of hints in the past. So, it's not really that likely that this sudden "revelation" is going to lead some massive change in how bad people communicate. But, more importantly, even if monitoring certain terrorists was so key to dealing with threats, that still doesn't matter. The DNI's job is not "stop threats by any means necessary." Because that's crazy. While it might help government respond to illegal activity, that doesn't mean that we give up our 4th Amendment rights, nor does it mean we need such broad, all-encompassing orders. Such things could easily have been done using a specific, targeted warrant, seeking information on a specific individual. That is, they could have done targeting which would have been useful, but they chose not to, and instead demanded all data.

But, of course, he doubles down at the end on how awful it is that people are talking about this (not that the NSA has access to so much data on everybody):

Discussing programs like this publicly will have an impact on the behavior of our adversaries and make it more difficult for us to understand their intentions.

Basically "hey everybody, shut up and stop confirming what everyone knew already: that the US spied on lots and lots of stuff." Also, this appears to be a government official telling everyone to not exercise their 1st Amendment rights to complain about the NSA violating their 4th Amendment rights. The Constitution is crying in the corner.

from the them-too?-the-club-is-getting-bigger dept

This shouldn't be a surprise to anyone, but the NSA's spying on Verizon call logs were not, of course, limited to just Verizon. The WSJ has confirmed that AT&T and Sprint are both under similar orders. That article also says that a number of internet firms and credit card companies are participating as well.

And, of course, as the story gets bigger and bigger, we're now getting quotes from ex-government officials saying that even they are surprised at how comprehensive the surveillance appears to be.

“It looks from what I’ve seen to be larger than anything I thought we were doing,” says Paul Rosenzweig, author of a recent book, Cyber Warfare.

Rosenzweig should know. As a former acting assistant secretary at the Department of Homeland Security, he was one of those people given the kind of Top Secret / Sensitive Compartmented Information clearances needed to work on any project as sensitive as this. But, he says, “I wasn’t read in on this.”

I heard the same basic thing from another ex-government official, who didn't want to be named, who had some knowledge of these kinds of programs back at the beginning in the 2008/2009 timeframe -- saying that if what's being said is true, the program has greatly expanded from where it originated.

from the target-target-target dept

Well, well. In the aftermath of the revelations that the NSA is getting records of every phone call from Verizon, followed up by the news that most of the biggest tech companies are supposedly giving direct access to the NSA, the intelligence community is responding the same way it always does: with weasel words. First up, you can see Director of National Intelligence James Clapper's statement about the spying, which we'll be discussing again in a bit.

But, a bunch of folks have been reasonably pointing out that Clapper appears to have lied to Congress. Of course, it's not like this wasn't easily called. Two years ago, we wrote about Clapper's answers to Senators Wyden and Udall, which we pointed out was a ridiculous answer that was clearly sidestepping the real questions. However, looking over that letter again now, and having become a bit more familiar with the weasel words the NSA likes to use, it's easy to look at Clapper's statement and explain why he can "stand by it" while the clear implication of it was the opposite of what he meant.

You asked whether communications of Americans have been collected… Section 702 of the FAA [FISA Amendments Act] explicitly prohibits the intentional targeting of persons reasonably believed to be located in the United States or United States persons located abroad. The Intelligence Community has put in place a variety of procedures, which have been approved by the FISA Court as required by law, to ensure that only persons reasonably believed to be located outside the United States are targeted and to prevent the intentional acquisition of any communications as to which the sender and all intended recipients are known to be located in the United States. Guidelines are also required by law to ensure compliance with other limitations on FAA collection, including the requirement that a U.S. person may not be intentionally targeted under section 702. If it is discovered that a target has entered the U.S. or is a U.S. person, he or she is promptly detargeted and reports are made as appropriate to the Department of Justice (DOJ), the Office of the Director of National Intelligence (ODNI) and the FISA Court. Moreover, when communications from persons located in the United States are collected because they are communicating with a lawful target, the privacy and civil liberty rights of U.S. persons are protected through the careful implementation of the procedures required under the FAA to ’minimize the acquisition and retention, and prohibit the dissemination“ of information about U.S. persons.’”

Most people would read this to be him saying that they do not spy on Americans. And that's obviously what he's trying to imply. But that's not what he's actually saying. He's using the NSA's favorite weasel word: "target." Now, most people assume that means one of the people on the call must be outside the US. But, you could -- if you were devious intelligence official trying to mislead Congress and the American public (hypothetically) -- interpret the word "target" to mean "if we, in general are 'targeting' foreign threats, no matter what they might be like, and this information we're collecting might help in that process, then we can snarf up this data."

In other words, most people think that "target" would mean one of the people on the phone. But, the NSA means "this overall investigation is about targeting foreign threats, so we can take whatever data we want because the goal is to stop foreign threats with it -- and therefore our mandate not to spy on Americans doesn't apply."

Information collected through a U.S. government surveillance program that taps into the servers of internet companies targets only non-U.S. persons living outside the United States, a senior administration official said on Thursday.

The U.S. law that allows the collection of data under this program does not allow the targeting of any U.S. citizen or of any person located in the United States, the official said, speaking on condition of anonymity.

Right, but whether or not they're "targeting" a person, is separate from whether or not they're spying on the data of Americans. As long as it's all part of a process that "targets" non-US persons, they can claim that they're playing by the rules.

Given that, however, I don't see how Clapper can reasonably standby the following statements:

Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

Clapper: No sir.

Wyden: It does not?

Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.

Clapper is insisting that he didn't lie in his comments, but he then pretends that he was only talking about email:

What I said was, the NSA does not voyeuristically pore through U.S. citizens' e-mails. I stand by that.

Except, that's not what he was asked, nor was it what he said. He was specifically asked if the NSA collects any type of data at all, and he said no. Up above, he was using weasel words, but here it looks like he was flat out lying directly to Congress. Usually, Congress doesn't like that.